Hi Sergey, in Fedora we carry several patches which are not yet upstream, but IMO should be.
- problem for crash with "/" character on 157th place in ustar filename, patch is attached (fixed in GNU tar) - patch for support of larger device numbers: https://lists.gnu.org/archive/html/bug-cpio/2008-07/msg00000.html - exit status fix if file can not be added to archive because: http://lists.gnu.org/archive/html/bug-cpio/2006-11/msg00000.html But newer version attached since it needs testsuite fix now. Btw., thanks for the release 2.13! Pavel
>From 3d6c193d5fb1e4e6022f976437caf01fdef68ee8 Mon Sep 17 00:00:00 2001 From: Pavel Raiskup <[email protected]> Date: Wed, 6 Nov 2019 11:13:02 +0100 Subject: [PATCH] ustar: fix prefix length calculation in split_long_name This is backport of cd91cd3c629e3c489e5ab4650f443cdcfeec670a from GNU tar. * src/tar.c (split_long_name): Fix prefix length calculation. --- src/tar.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/tar.c b/src/tar.c index 07abfcd..99ef8a2 100644 --- a/src/tar.c +++ b/src/tar.c @@ -48,10 +48,12 @@ split_long_name (const char *name, size_t length) { size_t i; - if (length > TARPREFIXSIZE) - length = TARPREFIXSIZE+2; + if (length > TARPREFIXSIZE + 1) + length = TARPREFIXSIZE + 1; + else if (ISSLASH (name[length - 1])) + length--; for (i = length - 1; i > 0; i--) - if (name[i] == '/') + if (ISSLASH (name[i])) break; return i; } -- 2.23.0
>From d1ed67bbed7dcc49d4534a6ffeac127b7bada9c3 Mon Sep 17 00:00:00 2001 From: Pavel Raiskup <[email protected]> Date: Wed, 6 Nov 2019 11:24:41 +0100 Subject: [PATCH] set exit code to 1 when cpio fails to store file > 4GB * src/copyout.c (field_width_error): Exit with error for too large files. * tests/CVE-2019-14866.at: Remove stderr line which is not printed out because of premature end. --- src/copyout.c | 2 +- tests/CVE-2019-14866.at | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/src/copyout.c b/src/copyout.c index 8b0beb6..4b7336b 100644 --- a/src/copyout.c +++ b/src/copyout.c @@ -290,7 +290,7 @@ field_width_error (const char *filename, const char *fieldname, { char valbuf[UINTMAX_STRSIZE_BOUND + 1]; char maxbuf[UINTMAX_STRSIZE_BOUND + 1]; - error (0, 0, _("%s: value %s %s out of allowed range 0..%s"), + error (1, 0, _("%s: value %s %s out of allowed range 0..%s"), filename, fieldname, STRINGIFY_BIGINT (value, valbuf), STRINGIFY_BIGINT (MAX_VAL_WITH_DIGITS (width - nul, LG_8), diff --git a/tests/CVE-2019-14866.at b/tests/CVE-2019-14866.at index e877b39..50ad60b 100644 --- a/tests/CVE-2019-14866.at +++ b/tests/CVE-2019-14866.at @@ -30,6 +30,5 @@ fi [0], [], [cpio: file: value size 17179869184 out of allowed range 0..8589934591 -2 blocks ]) AT_CLEANUP -- 2.23.0
